github-actions[bot] 2023-05-10 09:03:19 +00:00
parent 01d120d8ed
commit dbec53166c
20 changed files with 113 additions and 113 deletions

View file

@ -1607,7 +1607,7 @@ service indexer-worker {
<p>adjust the settings to tune for your desired memory limits, exclude folders and enable searching text inside of attachments</p>
</li>
<li>
<p>Update <code>docker-compose.yml</code> to load the previously created dovecot plugin config file:</p>
<p>Update <code>compose.yaml</code> to load the previously created dovecot plugin config file:</p>
<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">services</span><span class="p">:</span>
<span class="w"> </span><span class="nt">mailserver</span><span class="p">:</span>
<span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ghcr.io/docker-mailserver/docker-mailserver:latest</span>
@ -1635,18 +1635,18 @@ service indexer-worker {
</li>
<li>
<p>Recreate containers:</p>
<div class="highlight"><pre><span></span><code>docker-compose down
docker-compose up -d
<div class="highlight"><pre><span></span><code>docker compose down
docker compose up -d
</code></pre></div>
</li>
<li>
<p>Initialize indexing on all users for all mail:</p>
<div class="highlight"><pre><span></span><code>docker-compose exec mailserver doveadm index -A -q \*
<div class="highlight"><pre><span></span><code>docker compose exec mailserver doveadm index -A -q \*
</code></pre></div>
</li>
<li>
<p>Run the following command in a daily cron job:</p>
<p><div class="highlight"><pre><span></span><code>docker-compose exec mailserver doveadm fts optimize -A
<p><div class="highlight"><pre><span></span><code>docker compose exec mailserver doveadm fts optimize -A
</code></pre></div>
Or like the <a href="../../../faq/#how-can-i-make-spamassassin-better-recognize-spam">Spamassassin example</a> shows, you can instead use <code>cron</code> from within DMS to avoid potential errors if the mail server is not running:</p>
</li>
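Review bot: the command under "Run the following command in a daily cron job" is now <code>docker compose exec mailserver doveadm fts optimize -A</code>, but <code>docker compose exec</code> allocates a TTY by default and cron provides none. Suggest documenting it with <code>-T</code> (<code>docker compose exec -T mailserver ...</code>), and noting that the job must run from the directory holding <code>compose.yaml</code> (or pass <code>--project-directory</code>), since cron does not start there.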
@ -1654,7 +1654,7 @@ Or like the <a href="../../../faq/#how-can-i-make-spamassassin-better-recognize-
<details class="example">
<summary>Example</summary>
<p>Create a <em>system</em> cron file:</p>
<div class="highlight"><pre><span></span><code><span class="c1"># in the docker-compose.yml root directory</span>
<div class="highlight"><pre><span></span><code><span class="c1"># in the compose.yaml root directory</span>
mkdir<span class="w"> </span>-p<span class="w"> </span>./docker-data/dms/cron<span class="w"> </span><span class="c1"># if you didn&#39;t have this folder before</span>
touch<span class="w"> </span>./docker-data/dms/cron/fts_xapian
chown<span class="w"> </span>root:root<span class="w"> </span>./docker-data/dms/cron/fts_xapian
@ -1669,7 +1669,7 @@ chmod<span class="w"> </span><span class="m">0644</span><span class="w"> </span>
<span class="c1"># Everyday 4:00AM, optimize index files</span>
<span class="na">0 4 * * * root doveadm fts optimize -A</span>
</code></pre></div>
<p>Then with <code>docker-compose.yml</code>:</p>
<p>Then with <code>compose.yaml</code>:</p>
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
<span class="w"> </span><span class="nt">mailserver</span><span class="p">:</span>
<span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ghcr.io/docker-mailserver/docker-mailserver:latest</span>
@ -1684,7 +1684,7 @@ chmod<span class="w"> </span><span class="m">0644</span><span class="w"> </span>
<h4 id="setup_1"><a class="toclink" href="#setup_1">Setup</a></h4>
<ol>
<li>
<p><code>docker-compose.yml</code>:</p>
<p><code>compose.yaml</code>:</p>
<div class="highlight"><pre><span></span><code><span class="w"> </span><span class="nt">solr</span><span class="p">:</span>
<span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">lmmdock/dovecot-solr:latest</span>
<span class="w"> </span><span class="nt">volumes</span><span class="p">:</span>
@ -1714,10 +1714,10 @@ chmod<span class="w"> </span><span class="m">0644</span><span class="w"> </span>
</code></pre></div>
</li>
<li>
<p>Recreate containers: <code>docker-compose down ; docker-compose up -d</code></p>
<p>Recreate containers: <code>docker compose down ; docker compose up -d</code></p>
</li>
<li>
<p>Flag all user mailbox FTS indexes as invalid, so they are rescanned on demand when they are next searched: <code>docker-compose exec mailserver doveadm fts rescan -A</code></p>
<p>Flag all user mailbox FTS indexes as invalid, so they are rescanned on demand when they are next searched: <code>docker compose exec mailserver doveadm fts rescan -A</code></p>
</li>
</ol>
<h4 id="further-discussion"><a class="toclink" href="#further-discussion">Further Discussion</a></h4>
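Review bot: in the "Recreate containers" item, <code>docker compose down ; docker compose up -d</code> chains with <code>;</code>, so <code>up -d</code> runs even when <code>down</code> failed. Since the line is being touched anyway, consider <code>&amp;&amp;</code>, or the two-line form used for the same step in the Xapian setup earlier in this file.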

View file

@ -1489,7 +1489,7 @@
<p>If your container host supports IPv6, then DMS will automatically accept IPv6 connections by way of the docker host's IPv6. However, incoming mail will fail SPF checks because they will appear to come from the IPv4 gateway that docker is using to proxy the IPv6 connection (<code>172.20.0.1</code> is the gateway).</p>
<p>This can be solved by supporting IPv6 connections all the way to the DMS container.</p>
<h2 id="setup-steps"><a class="toclink" href="#setup-steps">Setup steps</a></h2>
<div class="highlight"><pre><span></span><code><span class="gi">+++ b/serv/docker-compose.yml</span>
<div class="highlight"><pre><span></span><code><span class="gi">+++ b/serv/compose.yaml</span>
<span class="gu">@@ ... @@ services:</span>
<span class="gi">+ ipv6nat:</span>

View file

@ -1525,7 +1525,7 @@
<h1>Email Gathering with Fetchmail</h1>
<p>To enable the <a href="https://www.fetchmail.info">fetchmail</a> service to retrieve e-mails set the environment variable <code>ENABLE_FETCHMAIL</code> to <code>1</code>. Your <code>docker-compose.yml</code> file should look like following snippet:</p>
<p>To enable the <a href="https://www.fetchmail.info">fetchmail</a> service to retrieve e-mails set the environment variable <code>ENABLE_FETCHMAIL</code> to <code>1</code>. Your <code>compose.yaml</code> file should look like following snippet:</p>
<div class="highlight"><pre><span></span><code><span class="nt">environment</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">ENABLE_FETCHMAIL=1</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">FETCHMAIL_POLL=300</span>
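Review bot: the rewritten sentence still reads "should look like following snippet" and has no comma after "retrieve e-mails". Since the line is already changed here, suggest "Your <code>compose.yaml</code> file should look like the following snippet:".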
@ -1536,7 +1536,7 @@
│   ├── fetchmail.cf
│   ├── postfix-accounts.cf
│   └── postfix-virtual.cf
├── docker-compose.yml
├── compose.yaml
└── README.md
</code></pre></div>
<h2 id="configuration"><a class="toclink" href="#configuration">Configuration</a></h2>

View file

@ -1548,7 +1548,7 @@ If any filter in this filtering chain discards an incoming mail, the delivery pr
<p>The <a href="https://doc.dovecot.org/admin_manual/pigeonhole_managesieve_server/">Manage Sieve</a> extension allows users to modify their Sieve script by themselves. The authentication mechanisms are the same as for the main dovecot service. ManageSieve runs on port <code>4190</code> and needs to be enabled using the <code>ENABLE_MANAGESIEVE=1</code> environment variable.</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<div class="highlight"><pre><span></span><code><span class="c1"># docker-compose.yml</span>
<div class="highlight"><pre><span></span><code><span class="c1"># compose.yaml</span>
<span class="nt">ports</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;4190:4190&quot;</span>
<span class="nt">environment</span><span class="p">:</span>

View file

@ -1474,7 +1474,7 @@
<h2 id="automatic-update"><a class="toclink" href="#automatic-update">Automatic Update</a></h2>
<p>Docker images are handy but it can become a hassle to keep them updated. Also when a repository is automated you want to get these images when they get out.</p>
<p>One could setup a complex action/hook-based workflow using probes, but there is a nice, easy to use docker image that solves this issue and could prove useful: <a href="https://hub.docker.com/r/containrrr/watchtower"><code>watchtower</code></a>.</p>
<p>A docker-compose example:</p>
<p>A Docker Compose example:</p>
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
<span class="w"> </span><span class="nt">watchtower</span><span class="p">:</span>
<span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span>
@ -1485,7 +1485,7 @@
<p>For more details, see the <a href="https://containrrr.github.io/watchtower/">manual</a></p>
<h2 id="automatic-cleanup"><a class="toclink" href="#automatic-cleanup">Automatic Cleanup</a></h2>
<p>When you are pulling new images in automatically, it would be nice to have them cleaned up as well. There is also a docker image for this: <a href="https://hub.docker.com/r/spotify/docker-gc/"><code>spotify/docker-gc</code></a>.</p>
<p>A docker-compose example:</p>
<p>A Docker Compose example:</p>
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
<span class="w"> </span><span class="nt">docker-gc</span><span class="p">:</span>
<span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">always</span>

View file

@ -1493,7 +1493,7 @@
│ ├── dovecot.cf
│ ├── postfix-accounts.cf
│ └── postfix-virtual.cf
├── docker-compose.yml
├── compose.yaml
└── README.md
</code></pre></div>
<p>One common option to change is the maximum number of connections per user:</p>

View file

@ -1622,7 +1622,7 @@ Make sure to read the related documentation.</p>
</div>
<h2 id="installation-in-rootfull-mode"><a class="toclink" href="#installation-in-rootfull-mode">Installation in Rootfull Mode</a></h2>
<p>While using Podman, you can just manage docker-mailserver as what you did with Docker. Your best friend <code>setup.sh</code> includes the minimum code in order to support Podman since it's 100% compatible with the Docker CLI.</p>
<p>The installation is basically the same. Podman v3.2 introduced a RESTful API that is 100% compatible with the Docker API, so you can use docker-compose with Podman easily. Install Podman and docker-compose with your package manager first.</p>
<p>The installation is basically the same. Podman v3.2 introduced a RESTful API that is 100% compatible with the Docker API, so you can use Docker Compose with Podman easily. Install Podman and Docker Compose with your package manager first.</p>
<div class="highlight"><pre><span></span><code>sudo<span class="w"> </span>dnf<span class="w"> </span>install<span class="w"> </span>podman<span class="w"> </span>docker-compose
</code></pre></div>
<p>Then enable <code>podman.socket</code> using <code>systemctl</code>.</p>
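Review bot: the install step directly below the changed paragraph still reads <code>sudo dnf install podman docker-compose</code>, while the paragraph now says "Docker Compose" and the commands later in this file become <code>docker compose up -d mailserver</code>. Nothing in this step installs a <code>docker</code> command, so a reader who follows it has <code>docker-compose</code> but may have no <code>docker compose</code> to run. Either keep the <code>docker-compose</code> invocations in the Podman sections or update the install step so the two agree.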
@ -1630,8 +1630,8 @@ Make sure to read the related documentation.</p>
</code></pre></div>
<p>This will create a unix socket locate under <code>/run/podman/podman.sock</code>, which is the entrypoint of Podman's API. Now, configure docker-mailserver and start it.</p>
<div class="highlight"><pre><span></span><code><span class="nb">export</span><span class="w"> </span><span class="nv">DOCKER_HOST</span><span class="o">=</span><span class="s2">&quot;unix:///run/podman/podman.sock&quot;</span>
docker-compose<span class="w"> </span>up<span class="w"> </span>-d<span class="w"> </span>mailserver
docker-compose<span class="w"> </span>ps
docker<span class="w"> </span>compose<span class="w"> </span>up<span class="w"> </span>-d<span class="w"> </span>mailserver
docker<span class="w"> </span>compose<span class="w"> </span>ps
</code></pre></div>
<p>You should see that docker-mailserver is running now.</p>
<h3 id="self-start-in-rootfull-mode"><a class="toclink" href="#self-start-in-rootfull-mode">Self-start in Rootfull Mode</a></h3>
@ -1655,7 +1655,7 @@ systemctl<span class="w"> </span><span class="nb">enable</span><span class="w">
<p>First, enable <code>podman.socket</code> in systemd's userspace with a non-root user.</p>
<div class="highlight"><pre><span></span><code>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--now<span class="w"> </span>--user<span class="w"> </span>podman.socket
</code></pre></div>
<p>The socket file should be located at <code>/var/run/user/$(id -u)/podman/podman.sock</code>. Then, modify <code>docker-compose.yml</code> to make sure all ports are bindings are on non-privileged ports.</p>
<p>The socket file should be located at <code>/var/run/user/$(id -u)/podman/podman.sock</code>. Then, modify <code>compose.yaml</code> to make sure all ports are bindings are on non-privileged ports.</p>
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
<span class="w"> </span><span class="nt">mailserver</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ports</span><span class="p">:</span>
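Review bot: the changed sentence keeps the garbled phrase "make sure all ports are bindings are on non-privileged ports". Suggest fixing it in the same edit: "modify <code>compose.yaml</code> so that all port bindings use non-privileged ports".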
@ -1665,21 +1665,21 @@ systemctl<span class="w"> </span><span class="nb">enable</span><span class="w">
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;10587:587&quot;</span><span class="w"> </span><span class="c1"># ESMTP (explicit TLS =&gt; STARTTLS)</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;10993:993&quot;</span><span class="w"> </span><span class="c1"># IMAP4 (implicit TLS)</span>
</code></pre></div>
<p>Then, setup your <code>mailserver.env</code> file follow the documentation and use docker-compose to start the container.</p>
<p>Then, setup your <code>mailserver.env</code> file follow the documentation and use Docker Compose to start the container.</p>
<div class="highlight"><pre><span></span><code><span class="nb">export</span><span class="w"> </span><span class="nv">DOCKER_HOST</span><span class="o">=</span><span class="s2">&quot;unix:///var/run/user/</span><span class="k">$(</span>id<span class="w"> </span>-u<span class="k">)</span><span class="s2">/podman/podman.sock&quot;</span>
docker-compose<span class="w"> </span>up<span class="w"> </span>-d<span class="w"> </span>mailserver
docker-compose<span class="w"> </span>ps
docker<span class="w"> </span>compose<span class="w"> </span>up<span class="w"> </span>-d<span class="w"> </span>mailserver
docker<span class="w"> </span>compose<span class="w"> </span>ps
</code></pre></div>
<h3 id="security-in-rootless-mode"><a class="toclink" href="#security-in-rootless-mode">Security in Rootless Mode</a></h3>
<p>In rootless mode, podman resolves all incoming IPs as localhost, which results in an open gateway in the default configuration. There are two workarounds to fix this problem, both of which have their own drawbacks.</p>
<h4 id="enforce-authentication-from-localhost"><a class="toclink" href="#enforce-authentication-from-localhost">Enforce authentication from localhost</a></h4>
<p>The <code>PERMIT_DOCKER</code> variable in the <code>mailserver.env</code> file allows to specify trusted networks that do not need to authenticate. If the variable is left empty, only requests from localhost and the container IP are allowed, but in the case of rootless podman any IP will be resolved as localhost. Setting <code>PERMIT_DOCKER=none</code> enforces authentication also from localhost, which prevents sending unauthenticated emails.</p>
<h4 id="use-the-slip4netns-network-driver"><a class="toclink" href="#use-the-slip4netns-network-driver">Use the slip4netns network driver</a></h4>
<p>The second workaround is slightly more complicated because the <code>docker-compose.yml</code> has to be modified.
<p>The second workaround is slightly more complicated because the <code>compose.yaml</code> has to be modified.
As shown in the <a href="../../security/fail2ban/#podman-with-slirp4netns-port-driver">fail2ban section</a> the <code>slirp4netns</code> network driver has to be enabled.
This network driver enables podman to correctly resolve IP addresses but it is not compatible with
user defined networks which might be a problem depending on your setup.</p>
<p><a href="https://github.com/containers/podman/blob/v3.4.1/docs/source/markdown/podman-run.1.md#--networkmode---net">Rootless Podman</a> requires adding the value <code>slirp4netns:port_handler=slirp4netns</code> to the <code>--network</code> CLI option, or <code>network_mode</code> setting in your <code>docker-compose.yml</code>.</p>
<p><a href="https://github.com/containers/podman/blob/v3.4.1/docs/source/markdown/podman-run.1.md#--networkmode---net">Rootless Podman</a> requires adding the value <code>slirp4netns:port_handler=slirp4netns</code> to the <code>--network</code> CLI option, or <code>network_mode</code> setting in your <code>compose.yaml</code>.</p>
<p>You must also add the ENV <code>NETWORK_INTERFACE=tap0</code>, because Podman uses a <a href="https://github.com/containers/podman/blob/v3.4.1/libpod/networking_slirp4netns.go#L264">hard-coded interface name</a> for <code>slirp4netns</code>.</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
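Review bot: the heading in this hunk reads "Use the slip4netns network driver" (id <code>use-the-slip4netns-network-driver</code>), while every other mention in the hunk spells it <code>slirp4netns</code>. The heading text should be corrected; changing the id would break existing anchors, so note that if it is renamed. The changed line "setup your <code>mailserver.env</code> file follow the documentation" also needs a grammar fix, for example "set up your <code>mailserver.env</code> file following the documentation".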
@ -1719,7 +1719,7 @@ firewall-cmd<span class="w"> </span>--reload
<span class="c1"># After you set all ports up.</span>
firewall-cmd<span class="w"> </span>--reload
</code></pre></div>
<p>Just map all the privilege port with non-privilege port you set in docker-compose.yml before as root user.</p>
<p>Just map all the privilege port with non-privilege port you set in compose.yaml before as root user.</p>
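Review bot: in the last changed line, <code>compose.yaml</code> is left as bare text, whereas every other hunk in this commit wraps the file name in <code>&lt;code&gt;</code>. Suggest adding the markup and tidying the sentence while it is being edited: "As the root user, map each privileged port to the non-privileged port you set in <code>compose.yaml</code>."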